Blacklisting undesirable applications still has its uses. However, with today's more dynamic computing environments, rapidly evolving threat landscape, and rigorous compliance mandates, blacklisting has reached its limits. Its heavy signature requirements make it unwieldy, the need for systems to regularly call home for signature updates make it inconvenient. Not to mention, it's also reactive: Blacklisting requires having advanced knowledge of the application (signature) and an unbeatable sensory method for reading signs of malicious activity.

Because of these inconveniences, application whitelisting (allowing only approved applications to run and blocking all others) is making its way into IT organizations to achieve compliance and protect systems from malicious applications executing on them.

This white paper defines why application whitelisting is important, differentiates the two approaches to application control (whitelist vs. blacklist), and discusses where the adoption of application whitelisting is most applicable. It discusses the applicability of application whitelisting on dedicated systems and in enterprise cases, while examining compliance implications and offering best practices.

Written by: SANS Institute

Sponsored by: McAfee